Shulou(Shulou.com)06/01 Report--

Ultra vires vulnerability is a common logical security vulnerability. Because the server overtrusts the data operation request put forward by the customer and ignores the judgment of the user's operation authority, the modification of relevant parameters can have the functions of adding, deleting, querying and changing other accounts, resulting in ultra vires loopholes.

1. Classification

According to the classification of the operation of the database, it can be divided into the following categories: ultra vires query, ultra vires deletion, ultra vires modification, ultra vires addition and so on.

According to the dimension, it can be divided into parallel ultra vires, vertical ultra vires and cross ultra vires.

Parallel ultra vires: the permission type remains the same, but the permission ID changes. For example, if you are an ordinary user, one of them can view other user information. It is common to view the information of other users by modifying an ID parameter. For example, when you check your own information, you find that there is a parameter of userID in the URL connection or in the http request header, and then you can modify this parameter to view that person's information!

Vertical ultra vires: the permission ID remains unchanged and the permission type changes. For example, ordinary users can use administrator permissions to operate. If you log in and find that there is a roleID role parameter in cookie, you can change the ID to 1 or 0. Depending on the situation, you can use administrator privileges!

Cross ultra vires: the permission type changes, and so does the permission ID.

2. Harm of ultra vires loopholes

The harm and impact of ultra vires vulnerabilities are mainly related to the importance of the corresponding business. For example, the server-side response of a page (not limited to the information returned by the page, sometimes the information is in the response package and the page may not be visible) returns sensitive information such as login name, login password, mobile number, × × and other sensitive information. If there is parallel ultra vires, you can view the sensitive information of all users by traversing the user ID. This is also a disguised * *, and is difficult to detect by the firewall, because it is no different from normal access requests, does not contain special characters, and is fully secretive.

3. How to detect ultra vires loopholes

One of the simplest detection methods is to find the ultra vires vulnerability by locating the authentication parameters and then replacing them with other account authentication parameters.

4. Ultra vires loophole repair scheme

1. Basic security architecture and improve user authority system. It is necessary to know which data is for which users and which data should not be operated by which users.

2. Authentication. The server verifies the requested data and the identity of the current user.

Do not directly use the real name or keyword of the object.

4. Strictly check and filter the controllable parameters!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.